Office365 DKIM and DMARC configuration

DKIM and DMARC are used to prevent spammers from spoofing your domain name. Configuring them in Office365 is quite easy, but it must be done manually if you use a custom domain (that is, not the standard .onmicrosoft.com one). I assume that the standard DNS configuration, including the SPF record, is already done, as those records are set automatically or at least validated during the setup of a new domain. To configure the DKIM and DMARC records, you just need to add a few DNS records and enable DKIM in Exchange Online:

Step 1: Enable DKIM

Go to the Exchange Admin Center and open dkim, which you can find under protection. Select your domain and press “enable”:

You’ll see that it tells you that the CNAME record does not exist. It also shows you which records you have to add. In my case, I am configuring it for the domain reiter.bz, so the CNAME records are:

| Type | Host | Value | TTL |
| --- | --- | --- | --- |
| CNAME | selector1._domainkey | selector1-reiter-bz._domainkey.reiterits.onmicrosoft.com | 3600 |
| CNAME | selector2._domainkey | selector2-reiter-bz._domainkey.reiterits.onmicrosoft.com | 3600 |

Wait a while and press enable again. Once it is enabled, you can also click “rotate” which activates rotation of DKIM signatures.

The DMARC entry tells receiving servers what to do with email that fails SPF and DKIM checks. It consists of a few parameters:

v is the version tag; its value is DMARC1

p is the policy to apply to email that fails the DMARC test. Values are: none (no action, just collect the data), quarantine (it's up to the receiver whether it moves such mail to spam, quarantines it or ignores it), reject (do not accept this mail)
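
As an added example (not part of the original post), this Python code parses a DMARC TXT value and checks the two tags described above: v has to come first and equal DMARC1, and p has to be none, quarantine or reject. The function names and the sample TXT values are constructed for illustration; DMARC records are published as TXT records at _dmarc.<domain>.

```python
# Policy values and what they ask the receiver to do (wording from the list above).
VALID_POLICIES = {
    "none": "no action, just collect the data",
    "quarantine": "receiver decides: spam folder, quarantine or ignore",
    "reject": "do not accept this mail",
}


def parse_dmarc(txt):
    """Parse one DMARC TXT value into a dict; raise ValueError if it is malformed."""
    tags = []
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue  # a trailing ';' is allowed
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"tag without a value: {part!r}")
        tags.append((name.strip(), value.strip()))
    # The version tag has to come first and match exactly.
    if not tags or tags[0] != ("v", "DMARC1"):
        raise ValueError("record must start with v=DMARC1")
    record = dict(tags)
    if len(record) != len(tags):
        raise ValueError("a tag appears more than once")
    policy = record.get("p", "").lower()
    if policy not in VALID_POLICIES:
        raise ValueError(f"p must be one of {sorted(VALID_POLICIES)}, got {policy!r}")
    record["p"] = policy
    return record


def policy_for(txt_records):
    """Pick the DMARC record out of all TXT values at _dmarc.<domain>; return its policy."""
    candidates = [t for t in txt_records if t.strip().startswith("v=DMARC1")]
    if len(candidates) != 1:
        # Zero or several DMARC records both mean receivers cannot apply a policy.
        raise ValueError(f"expected exactly one DMARC record, found {len(candidates)}")
    return parse_dmarc(candidates[0])["p"]


# Constructed sample TXT values, not taken from a real zone.
SAMPLE_TXT = ["some-site-verification=abc123", "v=DMARC1; p=quarantine;"]

if __name__ == "__main__":
    policy = policy_for(SAMPLE_TXT)
    print(policy, "->", VALID_POLICIES[policy])
```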